Commit 96d60303fd (ahci: Turn off DMA engines when there's no device)
implemented stopping DMA engines on empty ports but it used single
sampling of status registers to determine device presence which led to
disabling of DMA engines on occupied ports. Do it after all EH
actions are complete using device presence state determined by EH.
This avoids spurious disabling of DMA engines and simplifies the code.

JMB362 is a new variant of jmicron controller which is similar to
JMB360 but has two SATA ports instead of one. As there is no PATA
port, single function AHCI mode can be used as in JMB360. Add pci
quirk for JMB362.

The code used to multiply the character offset by "vc->vc_cols", and
that's actually correct, because 'd' itself is an 'unsigned short'. So
the pointer arithmetic already takes the size of a VGA character into
account. Changing it to use vc_size_row (which is just "vc_cols"
shifted up to take the size of the character into account) ends up
multiplying with the VGA character size twice.

This got reported as bugs for various other subsystems, because what it
actually results in is writing the 16-bit vc_video_erase_char pattern
(usually 0x0720: 0x07 is the default attribute, 0x20 is ASCII space)
into some random other allocation.

So Markus ended up reporting this as a ext4 bug, while to Torsten Kaiser
it looked like a problem with KMS or libata. Jeff Chua saw it in
different places.

And finally - Justin Mattock had slab poisoning enabled, and saw it as a
slab poison overwritten. And bisected and reverted this to verify the
buggy commit.

Cursors need to be in the GTT domain when being accessed by the GPU.
Previously this was a fortuitous byproduct of userspace using pwrite()
to upload the image data into the cursor. The redundant clflush was
removed in commit 9b8c4a and so the image was no longer being flushed
out of the caches into main memory. One could also devise a scenario
where the cursor was rendered by the GPU, prior to being attached as the
cursor, resulting in similar corruption due to the missing MI_FLUSH.

Problem: it's hard to avoid an init routine stumbling over a
request_module these days. And it's not clear it's always a bad idea:
for example, a module like kvm with dynamic dependencies on kvm-intel
or kvm-amd would be neater if it could simply request_module the right
one.

If another module is waiting inside resolve_symbol() for libcrc32c to
finish initializing (ie. bne2 depends on libcrc32c) then it does so
holding the module lock, and our request_module() can't make progress
until that is released.

Waiting inside resolve_symbol() without the lock isn't all that hard:
we just need to pass the -EBUSY up the call chain so we can sleep
where we don't hold the lock. Error reporting is a bit trickier: we
need to copy the name of the unfinished module before releasing the
lock.

Other notes:
1) This also fixes a theoretical issue where a weak dependency would allow
symbol version mismatches to be ignored.
2) We rename use_module to ref_module to make life easier for the only
external user (the out-of-tree ksplice patches).

I think Rusty may have made the lock a bit _too_ finegrained there, and
didn't add it to some places that needed it. It looks, for example, like
PATCH 1/2 actually drops the lock in places where it's needed
("find_module()" is documented to need it, but now load_module() didn't
hold it at all when it did the find_module()).

Rather than adding a new "module_loading" list, I think we should be able
to just use the existing "modules" list, and just fix up the locking a
bit.

In fact, maybe we could just move the "look up existing module" a bit
later - optimistically assuming that the module doesn't exist, and then
just undoing the work if it turns out that we were wrong, just before
adding ourselves to the list.

When adding a module that depends on another one, we used to create a
one-way list of "modules_which_use_me", so that module unloading could
see who needs a module.

It's actually quite simple to make that list go both ways: so that we
not only can see "who uses me", but also see a list of modules that are
"used by me".

In fact, we always wanted that list in "module_unload_free()": when we
unload a module, we want to also release all the other modules that are
used by that module. But because we didn't have that list, we used to
first iterate over all modules, and then iterate over each "used by me"
list of that module.

By making the list two-way, we simplify module_unload_free(), and it
allows for some trivial fixes later too.

I believe a moderate SYN flood attack can corrupt RFS flow table
(rps_sock_flow_table), making RPS/RFS much less effective.

Even in a normal situation, server handling short lived sessions suffer
from bad steering for the first data packet of a session, if another SYN
packet is received for another session.

We do following action in tcp_v4_rcv() :

sock_rps_save_rxhash(sk, skb->rxhash);

We should _not_ do this if sk is a LISTEN socket, as about each
packet received on a LISTEN socket has a different rxhash than
previous one.
-> RPS_NO_CPU markers are spread all over rps_sock_flow_table.

Also, it makes sense to protect sk->rxhash field changes with socket
lock (We currently can change it even if user thread owns the lock
and might use rxhash)

This patch moves sock_rps_save_rxhash() to a sock locked section,
and only for non LISTEN sockets.

xfrm triggers a warning if dst_pop() drops a refcount
on a noref dst. This patch changes dst_pop() to
skb_dst_pop(). skb_dst_pop() drops the refcnt only
on a refcounted dst. Also we don't clone the child
dst_entry, so it is not refcounted and we can use
skb_dst_set_noref() in xfrm_output_one().

Remove a BUG_ON for when interrupts are disabled during an MMC request.

During boot, interrupts can be disabled when a request is made, causing
this bug to be triggered. In reality, there's no reason this should halt
the kernel, as the driver has proved reliable in spite of disabled
interrupts, and additionally, there's nothing in this code that would
require interrupts to be enabled.

The only setup I've managed to make it trigger on is on the HTC Herald
during bootup when the driver is built into the kernel (mostly because
that's all I have). I believe it's related to the fact that on bootup I
get many timeout errors on "CMD5" while initializing the card. Each CMD5
timeout triggers that bug (I changed it to a WARN_ON to get it to boot in)
due to the fact that part of the timeout code involves sending the request
again. With interrupts turned off, that BUG would be triggered.

Original intention was "return success if the system have shrinkable zones
though priority==0 reclaim was failure". But the above patch changed to
"return nr_reclaimed if .....". Oh, That forgot nr_reclaimed may be 0 if
priority==0 reclaim failure.

Commit f601441916d1e19291d0b4f044b4a7551e2924d0 ("imxfb: add support for
i.MX25:) has inserted the symbol HAVE_FB_IMX, which does not depend on FB
after the menuconfig FB. This breaks the menu, presenting most of the
drivers outside of it, when using menuconfig.

Moving the symbol to the start of the file, just like HAVE_FB_ATMEL, fixes
the problem without breaking it for iMX25 configurations (tested with
ARCH=arm, no build).

task_struct->pesonality is "unsigned int", but sys_personality() paths use
"unsigned long pesonality". This means that every assignment or
comparison is not right. In particular, if this argument does not fit
into "unsigned int" __set_personality() changes the caller's personality
and then sys_personality() returns -EINVAL.

Turn this argument into "unsigned int" and avoid overflows. Obviously,
this is the user-visible change, we just ignore the upper bits. But this
can't break the sane application.

There is another thing which can confuse the poorly written applications.
User-space thinks that this syscall returns int, not long. This means
that the returned value can be negative and look like the error code. But
note that libc won't be confused and thus errno won't be set, and with
this patch the user-space can never get -1 unless sys_personality() really
fails. And, most importantly, the negative RET != -1 is only possible if
that app previously called personality(RET).

The stack and data have different alignment requirements, so don't force
them to wear the same shoe. Increase the data alignment to match that
which the elf2flt linker script has always been using: 0x20 bytes. Not
only does this bring the kernel loader in line with the toolchain, but it
also fixes a swath of gcc tests which try to force larger alignment values
but randomly fail when the FLAT loader fails to deliver.

Limit number of accumulated non-balloonable pages during inflation cycle,
otherwise there is a chance we will be spinning and growing the list
forever. This happens during torture tests when balloon target changes
while we are in the middle of inflation cycle and monitor starts refusing
to lock pages (since they are not needed anymore).

As explained in commit 1c0fe6e3bd ("mm: invoke oom-killer from page
fault") , we want to call the architecture independent oom killer when
getting an unexplained OOM from handle_mm_fault, rather than simply
killing current.

As explained in commit 1c0fe6e3bd ("mm: invoke oom-killer from page
fault") , we want to call the architecture independent oom killer when
getting an unexplained OOM from handle_mm_fault, rather than simply
killing current.

As explained in commit 1c0fe6e3bd ("mm: invoke oom-killer from page
fault") , we want to call the architecture independent oom killer when
getting an unexplained OOM from handle_mm_fault, rather than simply
killing current.

As explained in commit 1c0fe6e3bd ("mm: invoke oom-killer from page
fault") , we want to call the architecture independent oom killer when
getting an unexplained OOM from handle_mm_fault, rather than simply
killing current.

mtime and ctime should be changed only if the file size has actually
changed. Patches changing ext2 and tmpfs from vmtruncate to new truncate
sequence has caused regressions where they always update timestamps.

There is some strange cases in POSIX where truncate(2) must not update
times unless the size has acutally changed, see 6e656be89.

This area is all still rather buggy in different ways in a lot of
filesystems and needs a cleanup and audit (ideally the vfs will provide
a simple attribute or call to direct all filesystems exactly which
attributes to change). But coming up with the best solution will take a
while and is not appropriate for rc anyway.

sysfs and configfs setattr functions have error cases after the generic inode's
attributes have been changed. Fix consistency by changing the generic inode
attributes only when it is guaranteed to succeed.

Fixes Kconfig so the wlags49_h2 and wlags49_h25 drivers can be
selected from menuconfig without having to select another WLAN
driver first. Before it could only be selected when another driver
already selected WIRELESS_EXT. Also adds WEXT_PRIV on which
the driver also depends.

A new buffer for a packet is created when a icmp packet is received.
This happens in a context with disabled irq. Thus we are not allowed to
sleep or call function which might sleep. kmalloc must be called with
GFP_ATOMIC instead of GFP_KERNEL to ensure that it does not sleep.

Staging: batman-adv: Call unregister_netdev on failures to get rtnl lock

We must call unregister_netdev when we couldn't initialise the
batman-adv module and the soft_device was registered. There are two
version of the function which we can use:
* unregister_netdevice - removes device
* unregister_netdev - takes rtnl semaphore and remove device

We don't hold the semaphore in an error situation. So we must use
unregister_netdev.

Qualcomm development of the MSM SOC framebuffer driver has
diverged significantly from the driver used by Android. This
is a snapshot of our current driver, in all it's agony. We are
putting this in staging to help with the process of converging
the two drivers.

At this point, the driver has been tested only in dumb
framebuffer mode.

For write(), any data copied to the data buffer after the previously
set up streaming acquisition command has finished won't be used, but a
non-empty write() does not currently return 0 (or -EPIPE on error) after
the command has finished until the data buffer has been filled up.
Change this behavior to return 0 (or -EPIPE) any time after the command
has finished, without bothering to fill up the buffer with more useless
data.

The internal state of an 82C54 counter timer chip will get messed up if
several threads read, write, configure, or check the status of the chip
simultaneously. Protect the register access sequences with a spin lock.

The Addi-Data PCI drivers for Comedi use sprintf() in their comedi
"attach" routine to construct a string to pass as the name in the call
to request_irq(). All calls to "attach" routine share the same static
buffer for this name, but the contents will differ on each call
(including the comedi device number and the comedi board name). This
changes the name displayed in /proc/interrupts for previous calls to
request_irq() using the same buffer. Just use the board name instead;
it has slightly less information (no comedi device number) but at least
it doesn't change over the lifetime of the IRQ handler.

It is not currently possible for more than one of the addi_apci_*
drivers to register themselves with comedi at once because they all use
the same comedi driver name "addi_common". Give them different names.

Touchscreen driver used by intel mid devices. Some clean up by Alan Cox. This
driver is basically ready for upstreaming properly but is tied wrongly to the
SPI layer and needs firmware/SFI changes to fix that.

This driver handles XG20, XG21, XG40, XG42 chipsets from XGI. They're
also known as Z7,Z9,Z11 chipsets. It's based on the SiS fb driver but
has been heavily modified by XGI to support their newer chipsets.